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DETAILED ACTION 

1 . Claims 39-40, 44-47, 49-57, 59-62, 64-65, 67 and 71 -74 Pending. 
Claims 1-38, 41-43, 48, 58, 63, 66, and 68-70 Canceled. 

Response to Arguments 

2. Applicant's arguments filed 9/22/2009 have been fully considered but they are 
not persuasive. 

As per Applicants arguments asserting that Sandhus conflicts of interest are not 
equivalent to a condition of access authorization, Examiner respectfully disagrees. 
Firstly, Examiner asserts that it is clear by the disclosure of Sandhu that the RBAC 
ideas presented therein are applicable to database systems and system management 
environments (See Page 48, Column 1 , Paragraph 2) and that the cited sections of 
Sandhu can properly be applied to a database environment and combined with the co- 
cited prior art and as such, the resources of Sandhu are considered to be equivalent to 
the virtual databases of the instant application. Examiner notes that the roles of 
Sandhu each have separate access privileges, and being assigned a particular role 
which has access to resource (e.g. virtual database) A and does not have access to 
resource (e.g. virtual database) B, for reasons of conflict of interest or otherwise, 
discloses the limitation of denying access to at least one other virtual database when 
the user has the access authorization to the first virtual database as the roles of Sandhu 
are specifically designed to allow access to a first resource and deny access to other 
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specific resources based on the allowed access to the first resource. Examiner asserts 
that Sandhus example of the Billing Clerk and Accounts Receivable Clerk reinforces 
Examiners interpretation in that it makes clear that there are resources which a user 
assigned to the Billing Clerk role does not have access to and which a user assigned to 
the Billing Clerk role may not gain access to by being assigned to the Accounts 
Receivable Clerk role explicitly due to the positive permissions granted by the Billing 
Clerk role (e.g. the permissions to access the resources available to the Billing Clerk 
role). Examiner notes that Sandhus motivation of implementing this functionality (e.g. to 
prevent conflicts of interest) is immaterial as the disclosure of Sandhu makes it clear 
that the functionality was implemented. 

As per Applicants arguments asserting that the prior art fails to disclose a denial 
of access to a virtual database that "corresponds to at least one tenant other than the 
first tenant", Examiner respectfully disagrees. Examiner notes that Section 7.8 of 
Sandhu clearly discloses the existence of a decentralized management of role 
assignment. Examiner asserts that this indicates that the management of particular 
roles and therefore the management of access to particular resources may be assigned 
to different administrators (e.g. tenants) and as such the at least one other virtual 
database may correspond to at least one tenant other than the first tenant. 

As per the above arguments, the rejection will be updated to reflect amendments 
made to the claims and maintained. 
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Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 39-40, 44-47, 49-57, 59-62, 64-65, 67 and 71 -74 rejected under 35 
U.S.C. 103(a) as being unpatentable over Elsey et al. (U.S. 6,870,921 B1) in view of 
Thomas ("Team-based access control (TMAC): a primitive for applying role-based access controls in 
collaborative environments", Proceedings of the second ACM workshop on Role-based access control; 
Pgs. 13-19; 1997; ACM) and in view Of Sandhu ("The NIST model for role-based access control: 
towards a unified standard", Proceedings of the fifth ACM workshop on Role-based access control, Pgs. 
47-63, 2000, ACM). 

As per Claim 39, Elsey discloses a database system comprising: a partitionable 
database, wherein the partitionable database is partitioned into a plurality of virtual 
databases (column 2, lines 16-17), each virtual database of the plurality of virtual databases 

comprises a respective plurality Of files (column 4, lines 2-3, wherein "virtual database" could 
mean "private directory", Examiner notes that directories hold files of distinct information.), each virtual 

database of the plurality of virtual databases corresponds to a respective tenant of the 
partitionable database, and for each tenant of the partitionable database, a partitioned 
virtual database for the tenant comprises stored files associated with the tenant (column 
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4, lines 9-16); and an access control subsystem (column 4, lines 16-22), wherein the access 
control subsystem is coupled to the virtual databases (column 4, lines 16- 22), the access 
control subsystem is configured to provide a first access to a user, the first access is to 
files in a first virtual database, the first virtual database is among the plurality of virtual 
databases, the access control subsystem is configured to provide the first access to the 
user only when the user has access authorization to the first virtual database from a 
first tenant and the first tenant corresponds to the first virtual database (column 4, lines 16- 

22). 

Elsey fails to disclose the access authorization is based at least in part on the 
whether the user is in communication with a customer of the first tenant, the access 
control subsystem is configured to deny access to at least one other virtual database 
when the user has the access authorization to the first virtual database, the at least one 
other virtual database comprises one or more of the virtual databases other than the 
first virtual database, and the at least one other virtual database corresponds to at least 
one other tenant other than the first tenant. 

Thomas discloses the access authorization is based at least in part on the 
whether the user is in communication with a customer of the first tenant (Page 18, Column 
1 , wherein the permissions may be deactivated at the end of a workflow instance.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Thomas to include the 
access authorization is based at least in part on the whether the user is in 
communication with a customer of the first tenant with the motivation to distinguish the 
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passive concept of permission assignment from the active concept of context-based 
permission activation (Thomas, Abstract). 

Sandhu discloses the access control subsystem is configured to deny a second 
access to at least one other virtual database when the user has the access 
authorization to the first virtual database, the at least one other virtual database 
comprises one or more of the virtual databases other than the first virtual database 

(Section 5.1 clearly discloses static separation of duties which is used to prevents a user from being 
authorized for one role (e.g. a role allowing for access to at least one other virtual database) based on the 
user being authorized for a current role (e.g. a role allowing access to the first virtual database).), and 

the at least one other virtual database corresponds to at least one other tenant other 
than the first tenant (See Section 7.8 which clearly discloses decentralized administrative control.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Sandhu to include the 
access control subsystem is configured to deny a second access to at least one other 
virtual database when the user has the access authorization to the first virtual database, 
the at least one other virtual database comprises one or more of the virtual databases 
other than the first virtual database and the at least one other virtual database 
corresponds to at least one other tenant other than the first tenant with the motivation of 
preventing conflicts of interest in a role based system (Sandhu, Section 5.1) 

As per Claim 40, Elsey discloses the virtual databases are disjoint from one 
another (column 4, lines 9-16, wherein the information stored may contain different elements). 
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As per Claim 44, Elsey discloses the access control subsystem is configured to 
provide the access authorization to the user for a particular file in the first virtual 
database based at least in part on initiation of a database call through an associated 
computer telephony integration (CTI) system by the customer of the first tenant (column 
5, lines 20-22) and deny the second access to the user, wherein the second access is 
denied based at least in part on the initiation of the database call though the associated 
CTI system by the customer of the first tenant (column 5, lines 20-22). 

As per Claim 45, Elsey discloses an operator of the partitionable database 
provides a common call center service to customers of tenants of the partitionable 
database on behalf of the tenants (column 10, lines 20-26). 

As per Claim 46, Elsey discloses a method comprising: granting an access 
authorization to a user of a partitionable database (column 4, lines 2-4, 16-22), wherein the 
partitionable database comprises a plurality of virtual databases (column 4-iines 2-3), each 
virtual database of the plurality of virtual databases comprises a plurality of files (column 

4, lines 2-3, wherein "virtual database" could mean "private directory", Examiner notes that directories 

hold files of distinct information.), each virtual database of the plurality of virtual databases 
has a unique database owner (column 5, lines 21-22), the access authorization relates to a 
first virtual database of the plurality of virtual databases (column 4, lines 16-22), providing 
to the user access to a file of the files in the first virtual database while the user has the 

access authorization (column 4, lines 16- 22). 
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Elsey fails to disclose the access authorization is based at least in part on 
whether the user is in communication with a customer of the database owner of the first 
virtual database; and denying to the user access to a plurality of excluded files while the 
user has the access authorization, wherein the excluded files comprise files in the 
virtual databases other than the first virtual database, and the excluded files consist of 
files in virtual databases with database owners other than the database owner of the 
first virtual database. 

Thomas discloses the access authorization is based at least in part on whether 
the user is in communication with a customer of the database owner of the first virtual 
database (Page 18, Column 1, wherein the permissions may be deactivated at the end of a workflow 
instance.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Thomas to include the 
access authorization is based at least in part on whether the user is in communication 
with a customer of the database owner of the first virtual database with the motivation to 
distinguish the passive concept of permission assignment from the active concept of 
context-based permission activation (Thomas, Abstract). 

Sandhu discloses denying to the user access to a plurality of excluded files while 
the user has the access authorization, wherein the excluded files consist of files in the 
virtual databases other than the first virtual database (Section 5.1 clearly discloses static 

separation of duties which is used to prevents a user from being authorized for one role (e.g. a role 
allowing for access to at least one other virtual database) based on the user being authorized for a 
current role (e.g. a role allowing access to the first virtual database).), and the excluded files consist 
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of files in virtual databases with database owners other than the database owner of the 

first virtual database (See Section 7.8 which clearly discloses decentralized administrative control.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Sandhu to include 
denying to the user access to a plurality of excluded files while the user has the access 
authorization, wherein the excluded files consist of files in the virtual databases other 
than the first virtual database, and the excluded files consist of files in virtual databases 
with database owners other than the database owner of the first virtual database with 
the motivation of preventing conflicts of interest in a role based system (Sandhu, 
Section 5.1) 

As per Claim 47, Elsey discloses the virtual databases are disjoint virtual 

databases (column 4, lines 9-16, wherein the information stored may contain different elements). 

As per Claim 49, Elsey discloses the user needs an authorization from the owner 
of the file to access the file, the method comprising: providing the access to the file to 
the user after the owner of the file grants the authorization to access the file (column 4, 

lines 11-16; column 4, lines 19-24; column 4, lines 30-33). 

As per Claim 50, Elsey discloses before the providing of the access to the file, 
receiving access authorization to the file for the user from the owner of the file (column 4, 
lines 16-22; column 4, lines 30-33). 
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As per Claim 51 , Elsey discloses the receiving of the access authorization to the 
file comprises initiation, by the customer, of a database call to the user through an 
associated computer telephony integration (CTI) system (column 4, lines 38-59); and the 
denying access to the plurality of excluded files is based at least in part on the initiation 
of the database call to the user through the associated CTI system (column 4, lines 38-59). 

As per Claim 52, Elsey discloses the partitionable database comprises a multi- 
tenant database having a plurality of tenants, each tenant of the tenants being an owner 
of a separate virtual database, at least two of the tenants utilizing a common call center 
service (column 4, lines 2-3; column 4, lines 9-12; column 4, lines 26-28; column 4, lines 38-51). 

As per Claim 53, Elsey discloses the partitionable database stores a plurality of 
files that are each associated with one of a plurality of unique database owners such 
that the virtual databases each comprise stored files associated with the corresponding 
owner of the virtual database (column 4, lines 2-3; column 4, lines 9-16). 

As per Claim 54, Elsey discloses the partitionable database is operated by a 
database operator on behalf of the owners of the virtual databases as tenants of the 

partitionable database (column 2, lines 20-25; column 4, lines 46-47, wherein the subscriber needs a 
service that is operated by an operator). 
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As per Claim 55, Elsey discloses each of the tenants lease capacity of the 
partitionable database from the database operator (column 4, lines 36- 38, wherein the 

subscriber or tenant needs a service that is operated by an operator). 

As per Claim 56, Elsey discloses the granting the access authorization to the 
user for database is initiated by a telephone call from the customer through a computer 
telephony integration (CTI) system (column 4, lines 38-44); and the denying access to the 
plurality of excluded files is based at least in part on the initiation of the database call 
through the user through the associated CTI system (column 4, lines 38-44). 

As per Claim 57, Elsey discloses the user is a representative of an organization 
providing a service to the owner of the first virtual database (column 4, lines 30-33). 

As per Claim 59, Elsey discloses the access provided to the user is temporary 
access limited to a duration Of the telephone call (column 5, line 32; column 5, line 56; wherein 
the "duration" is the time between log in and log out). 

As per Claim 60, Elsey discloses the telephone call is made regarding the file, 
the method comprising: automatically providing access to the user to a plurality of files 
in the first virtual database based at least in part on the telephone call (column 10, lines 20- 

25; column 10, lines 35-37). 
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As per Claim 61 , Elsey discloses the computer telephony integration (CTI) 
system is part of a call center service common to the owners of the virtual databases 

(column 4, lines 38-44; column 10, lines 20-26). 

As per Claim 62, Elsey discloses the providing the access to the file is based at 
least in part on the user receiving the telephone call via the CTI system (column 4, lines 38- 

44). 

As per Claim 64, Elsey discloses a method comprising: setting access privileges 
for a multi-tenant database (column 4, lines 2-4, 16-22), wherein the multi-tenant database 
comprises a partitionable database (column 4, lines 2-3), the partitionable database 

comprises a plurality Of virtual databases (column 4, lines 2-4, wherein "virtual database" could 
mean "private directory"; column 4, lines 9- 16), each of the virtual databases has an owner 
tenant among tenants of the multi- tenant database (column 5, lines 21-22), each of the 
virtual databases comprises multiple associated groups of data groups (column 4, lines 9- 
11), the setting the access privileges for the multi-tenant database comprises setting 
access privileges for the data groups in each of the virtual databases (column 4, lines 16- 
18; column 4, lines 28-35), and for each of multiple requests by a user to data groups in the 
virtual databases (column 4, lines 31-32), determining whether to grant access to the user 
for a requested data group based at least in part on a relationship of the user to an 
owner tenant of a virtual database that comprises the requested data group column 2, 
lines 45-47; column 4, lines 19-20; column 4, lines 28-35); when the relationship of the user to the 
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owner tenant is determined to be an employee relationship, granting access to the user 
for the requested data group (column 4, lines 28-35). 

Elsey fails to disclose when the relationship of the user to the owner tenant is not 
determined to be an employee relationship, granting temporary access to the user for 
the requested data group only during a time when the user is in communication with a 
customer of the owner tenant, denying access to the user for at least one other data 
group during the time when the user is in communication with the customer of the owner 
tenant, and the at least one other data group comprises one or more of the data groups 
other than the requested data group, and the at least one other data group is in another 
data virtual database, wherein the another virtual database has an owner tenant other 
than the owner tenant of the virtual database that comprises the requested data group. 

Thomas discloses granting temporary access to the user for the requested data 
group only during a time when the user is in communication with a customer of the 
Owner tenant (Page 18, Column 1, wherein the permissions may be deactivated at the end of a 
workflow instance.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Thomas to include when 
the relationship of the user to the owner tenant is not determined to be an employee 
relationship, granting temporary access to the user for the requested data group only 
during a time when the user is in communication with a customer of the owner tenant 
with the motivation to distinguish the passive concept of permission assignment from 
the active concept of context-based permission activation (Thomas, Abstract). 
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Sandhu discloses when the relationship of the user to the owner tenant is not 
determined to be an employee relationship, denying access to the user for at least one 
other data group during the time when the user is in communication with the customer 
of the owner tenant, and the at least one other data group comprises one or more of the 

data groups Other than the requested data group (Section 5.1 clearly discloses static separation 
of duties which is used to prevents a user from being authorized for one role (e.g. a role allowing for 
access to at least one other data group) based on the user being authorized for a current role (e.g. a role 

allowing access to the first data group).), wherein the another virtual database has an owner 
tenant other than the owner tenant of the virtual database that comprises the requested 

data group (See Section 7.8 which clearly discloses decentralized administrative control.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Sandhu to include when 
the relationship of the user to the owner tenant is not determined to be an employee 
relationship, denying access to the user for at least one other data group during the time 
when the user is in communication with the customer of the owner tenant, and the at 
least one other data group comprises one or more of the data groups other than the 
requested data group wherein the another virtual database has an owner tenant other 
than the owner tenant of the virtual database that comprises the requested data group 
with the motivation of preventing conflicts of interest in a role based system (Sandhu, 
Section 5.1) 

As per Claim 65, Elsey discloses each of the data groups is a file stored in the 
multi-tenant database (column 4, lines 2-3). 
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As per Claim 67, Elsey discloses at least a first subset of the requests for data 
groups by users are received for users that are user representatives of a database 
operator; each request in the first subset of the requests is based at least in part on a 
contact to a user representative, the users that the contact is initiated by a tenant that 
owns a virtual database associated with the requested data group, and the access 
authorization for the user representative is determined to have been provided by the 
owner tenant based at least in part on the contact initiated by the tenant (column 4, lines 

16-22; column 4, lines 28-33). 

As per Claim 71 , Elsey fails to disclose the temporary access granted to the user 
is limited to a duration of a live verbal communication between the user and the 
customer of the owner tenant. 

Thomas discloses the temporary access granted to the user is limited to a 
duration of a live verbal communication between the user and the customer of the 

Owner tenant (Page 18, Column 1, wherein the permissions may be deactivated at the end of a 
workflow instance.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Thomas to include the 
temporary access granted to the user is limited to a duration of a live verbal 
communication between the user and the customer of the owner tenant with the 
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motivation to distinguish the passive concept of permission assignment from the active 
concept of context-based permission activation (Thomas, Abstract). 

As per Claim 72, Elsey fails to disclose the temporary access granted to the user 
is limited to a duration of a telephone call between the user and the customer of the 
owner tenant. 

Thomas discloses the temporary access granted to the user is limited to a 
duration of a telephone call between the user and the customer of the owner tenant 

(Page 18, Column 1, wherein the permissions may be deactivated at the end of a workflow instance.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Thomas to include the 
temporary access granted to the user is limited to a duration of a telephone call 
between the user and the customer of the owner tenant with the motivation to 
distinguish the passive concept of permission assignment from the active concept of 
context-based permission activation (Thomas, Abstract). 

As per Claim 73, Elsey fails to disclose the temporary access granted to the user 
is limited to a duration of a live verbal communication between the user and the 
customer of the first tenant. 

Thomas discloses the temporary access granted to the user is limited to a 
duration of a live verbal communication between the user and the customer of the first 
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tenant (Page 18, Column 1, wherein the permissions may be deactivated at the end of a workflow 
instance.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Thomas to include the 
temporary access granted to the user is limited to a duration of a live verbal 
communication between the user and the customer of the first tenant with the motivation 
to distinguish the passive concept of permission assignment from the active concept of 
context-based permission activation (Thomas, Abstract). 

As per Claim 74, Elsey fails to disclose the temporary access granted to the user 
is limited to a duration of a live verbal communication between the user and the 
customer. 

Thomas discloses the temporary access granted to the user is limited to a 
duration of a live verbal communication between the user and the customer (Page 18, 

Column 1, wherein the permissions may be deactivated at the end of a workflow instance.). 

It would have been obvious to one skilled in the art at the time of Applicants invention to 
modify the teachings of Elsey with the teachings of Thomas to include the temporary 
access granted to the user is limited to a duration of a live verbal communication 
between the user and the customer with the motivation to distinguish the passive 
concept of permission assignment from the active concept of context-based permission 
activation (Thomas, Abstract). 
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Conclusion 

5. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Points of Contact 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael J. Hicks whose telephone number is (571) 272- 
2670. The examiner can normally be reached on Monday - Friday 9:00a - 5:30p. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Neveen Abel-Jalil can be reached at (571)272-4074. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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